Simple Trick to Prevent Cambridge Analytica and Others from Hacking into Facebook Data
Cambridge Analytica was caught tampering with elections by exploiting Facebook, but chances are that this is the tip of the iceberg, and that many others, including scammers and ID thieves, are also exploiting Facebook and other social networks. One way that they do this is as follows.
Cambridge Analytica website (front page) – www.cambridgeanalytica.org
The Facebook Hacking Algorithm
This is how bad guys collect data about millions of profiles on Facebook:
Plant fake profiles – as many as 10,000 per campaign, possibly using cheap workers overseas to create and maintain these accounts, used for multiple evil purposes. New fake profiles are added every day.
Target big influencers (people with many friends) on Facebook, using a few of the fake profiles per target, to send friend requests. Chances are that 90% of the big influencers will reject the friend requests. In the process, many of the fake profiles will be disabled by Facebook for having too many unsuccessful friend requests. It is a question of numbers: not sending too many friend requests, creating fake profiles that are specifically designed for the initial target, and being able to create and keep enough fake profiles long enough, to optimize the process.
Other people connected with big influencers who accepted these fake friend requests (usually portraying attractive women) are then targeted the same way. Knowing that big influencer X is also friends with fake Y, real friends of X are more likely to accept an invite from Y. Over time, Y collects enough friends to become useful for the scammer: friends of X, friends of friends of X and so on. Read my article on 6 degrees of separation here, to see how fast this scheme could grow.
Now the scammer has access to all the data (Facebook profiles) of many real Facebook users, thanks to these fake friends. He can now download all the data (accessible to friends only) and collect whatever information you put in your profile (education, your posts, date of birth, hometown, your location, gender, marital status, and so on.) With sentiment analysis algorithms (analyzing your posts, who you are connected with) he can easily and automatically derive valuable information, such as your political or religious affiliation, health condition, wealth, or your age.
What can you and Facebook do for protection?
One way to protect yourself is to not share too much information with your friends, and to not accept friend requests from people that you don’t know. If a scammer has access to your date of birth, it could be the only information missing (he already has your social security number from other sources) to hijack your ID. If he knows when you are out of town and that you live alone, it will help him schedule a successful burglary.
Since many naive people will always accept friendship from strangers (for instance hoping to develop a new romance, or to appear more popular) an easy way for Facebook to reduce the risks is, each time a user is about to accept a new friendship, Facebook should use this trick: You must answer an automatically generated question about your new potential friend, such as the country of residence. This way, it will force you to at least look at the profile in question, rather than blindly accept friendship. And by looking at the profile in question (and his friends — many of his friends are probably other fake profiles that he created,) it will be obvious that he/she is fake.
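The challenge step described above can be sketched as follows. This is an added example, not code from Facebook or from the original article; the profile fields, distractor pools, state names and the two-attempt limit are all assumptions made for illustration.

```python
import random

# Constructed distractor pools; the field names and values are assumptions.
POOLS = {
    "country": ["Canada", "Brazil", "France", "Japan", "Kenya"],
    "hometown": ["Austin", "Lyon", "Osaka", "Nairobi", "Porto"],
}
MAX_ATTEMPTS = 2  # assumed policy: after this many wrong answers, hold the request


def build_challenge(requester, rng):
    """Return (field, options) for a populated profile field, or None."""
    fields = sorted(f for f in POOLS if requester.get(f))
    if not fields:
        return None  # empty profile: nothing to verify, leave the request pending
    field = rng.choice(fields)
    truth = requester[field]
    wrong = [v for v in POOLS[field] if v.lower() != truth.lower()]
    options = rng.sample(wrong, 3) + [truth]
    rng.shuffle(options)
    return field, options


class PendingRequest:
    def __init__(self, requester, field):
        self.requester, self.field = requester, field
        self.attempts, self.state = 0, "pending"

    def answer(self, choice):
        """Accept on a correct answer; hold for review after repeated misses."""
        if self.state != "pending":
            return self.state
        self.attempts += 1
        truth = self.requester[self.field].strip().lower()
        if choice.strip().lower() == truth:
            self.state = "accepted"
        elif self.attempts >= MAX_ATTEMPTS:
            self.state = "held"
        return self.state
```

A request that ends up "held" is never accepted by a later guess, so clicking through the options does not bypass the check.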
Another solution is for Facebook to create dormant fake profiles. I did some tests myself, and any time you create a new profile (someone that does not even exist) you immediately get many friend requests from strangers (fake profiles too.) In some way it is kind of funny, fake profiles interacting with other fake profiles, but for Facebook, it is an easy solution to go fishing after scammers.
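The dormant-profile idea amounts to a honeypot: nobody has a legitimate reason to send a friend request to a decoy, so senders that do can be scored. The sketch below is an added example, not the platform's or the author's code; the log format, account names and thresholds are constructed assumptions. It combines decoy hits with the high rejection rate mentioned earlier in the article.

```python
from collections import defaultdict

# Constructed friend-request log: (sender, recipient, outcome).
EVENTS = [
    ("acct_17", "decoy_a", "pending"),
    ("acct_17", "decoy_b", "pending"),
    ("acct_17", "user_1", "rejected"),
    ("acct_22", "decoy_a", "pending"),
    ("acct_22", "user_2", "rejected"),
    ("acct_22", "user_3", "rejected"),
    ("acct_22", "user_4", "rejected"),
    ("acct_22", "user_5", "accepted"),
    ("acct_30", "user_1", "accepted"),
    ("acct_30", "user_2", "accepted"),
    ("acct_41", "decoy_b", "pending"),  # a single stray hit
]
DECOYS = {"decoy_a", "decoy_b"}  # dormant profiles planted by the platform


def classify_senders(events, decoys, reject_threshold=0.7, min_resolved=4):
    """Map each sender to 'flag', 'review' or 'ok' (thresholds are assumptions)."""
    decoy_hits = defaultdict(set)           # sender -> distinct decoys contacted
    resolved = defaultdict(lambda: [0, 0])  # sender -> [rejected, total resolved]
    for sender, recipient, outcome in events:
        if recipient in decoys:
            decoy_hits[sender].add(recipient)
        elif outcome in ("accepted", "rejected"):
            resolved[sender][0] += outcome == "rejected"
            resolved[sender][1] += 1
    verdicts = {}
    for sender in sorted(set(decoy_hits) | set(resolved)):
        hits = len(decoy_hits[sender])
        rejected, total = resolved[sender]
        # Only trust the rejection rate once enough requests have been resolved.
        noisy = total >= min_resolved and rejected / total >= reject_threshold
        if hits >= 2 or (hits == 1 and noisy):
            verdicts[sender] = "flag"
        elif hits == 1 or noisy:
            verdicts[sender] = "review"
        else:
            verdicts[sender] = "ok"
    return verdicts
```

Requiring two distinct decoys, or one decoy plus a second signal, keeps a single mistaken request from disabling a real account, which matters given the false positives discussed below.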
Did you know that there are more US Facebook profiles than there are US residents? If one cell phone number was attached to each profile (a one-to-one mapping), I am wondering how many US Facebook profiles would be left. Of course, scammers use a bunch of temporary cell phone numbers, so this would not fix everything. Some of the profiles are duplicates, as many real members experience problems (being flagged by Facebook) for no reason, as Facebook monitoring algorithms currently generate many false positives (as well as many false negatives.)
Detecting Fake News, Fake Reviews, Fake Accounts, Fake Pictures
For related articles from the same author, click here or visit www.VincentGranville.com. Follow me on LinkedIn.